Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed

earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 17 July 2006.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-48 is/are pending in the application.

4a) Of the above claim(s) ____ is/are withdrawn from consideration.

5) [ ] Claim(s) ____ is/are allowed.

6) [X] Claim(s) 1-8, 10-24, 26-40 and 42-48 is/are rejected.

7) [X] Claim(s) 9, 25 and 41 is/are objected to.

8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on ____ is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. ____.
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

3) [X] Information Disclosure Statement(s) (PTO/SB/08), Paper No(s)/Mail Date 08/0&2006.
5) [ ] Notice of Informal Patent Application
6) [ ] Other: ____.

DETAILED ACTION

1. The text of those sections of Title 35 U.S. Code not included in this section can be found
in the prior office action.

2. The prior office actions are incorporated herein by reference. In particular, the 
observations with respect to claim language, and response to previously presented arguments. 

3. Claims 7-9, 23-26, 39-41 have been amended. 

4. Claims 1-48 have been examined and are pending.

Response to Arguments 

5. Applicant's arguments filed 07/17/2006 regarding the rejection of the claims 1-8, 10-24,
26-40, and 42-48 under 35 U.S.C. 103(a) have been fully considered but they are not persuasive.
With respect to independent claims 1, 17, 33 Applicant has merely argued that prior art of record
Kaliski and Persson do not teach or disclose sending a message to a wireless access point, the
message including an encrypted shared secret, a user terminal certificate, and an authenticator
string, as recited in claims. With respect to independent claims 26 and 42, Applicant has argued
prior art of record to Kaliski and Hind do not teach or disclose "a user terminal of a wireless
access network". Applicant has concluded that claims 2-7, 18-23, 34-39, 27-33, 40-41, 43-48 are
not obvious in view of Kaliski, Persson and Hind for at least the aforementioned reasons.

The examiner responds that prior art of record to Kaliski does disclose the claimed
"wireless access point" and "a user terminal of a wireless access network" by
disclosing (Kaliski, claim 5) "transmitting credential verification information from the client to
the server over an encrypted communications channel, the communications channel comprising a
wireless communications channel", emphasis added by the examiner. That is, client/server of
Kaliski communicating via a wireless communications channel necessarily are wireless client
and server corresponding to the claimed "user terminal of a wireless network" and "wireless
access point".

Applicants still have failed to identify specific claim limitations which would define a
patentable distinction over the prior art.

Therefore, the examiner asserts that cited prior art does teach or suggest the subject
matter recited in independent claims 1, 17, 26, 33 and 42 and in subsequent dependent claims
2-8, 10-16, 18-24, 27-32, 34-40, 43-48. Accordingly, rejections for claims 1-8, 10-24, 26-40, 42-48
are respectfully maintained.

However, Applicant's Amendment to claims 9, 15 and 41 have overcome the prior 
rejections of claims 9, 15 and 41 and are found by the Examiner allowable subject matter. 

Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

6. Claims 7-8, 23-24, 39-40 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which
applicant regards as the invention.

The term "possible authentication messages" in claims 7, 23 and 39 is a relative term,
which renders the claim indefinite. The term "possible authentication messages" is not defined
by the claim, the specification does not provide a standard for ascertaining the requisite degree,
and one of ordinary skill in the art would not be reasonably apprised of the scope of the
invention.

Dependent claims 8, 24 and 40 are also rejected by virtue of their dependencies. 

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of the 
claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various 
claims was commonly owned at the time any inventions covered therein were made absent any 
evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out 
the inventor and invention dates of each claim that was not commonly owned at the time a later 
invention was made in order for the examiner to consider the applicability of 35 U.S.C. 103(c) 
and potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 U.S.C. 103(a).

7. Claims 1, 4-6, 17, 20-22, 33, 36-38 are rejected under 35 U.S.C. 103(a) as being
unpatentable over prior art of record, US patent 6,189,098 to Kaliski, Jr. and further in view of
Hind et al. (hereinafter "Hind").

As per claims 1, 17 and 33, Kaliski, Jr. teaches a method, a user terminal and a
machine-readable medium performed by a user terminal of a wireless access network, the method
comprising:

generating a shared secret to be provided to an access point of the wireless access
network (col. 4, lines 44-45, i.e. KSS||TS, see also claim 5);

encrypting the shared secret with an access point public key (col. 4, lines 39-55, i.e.
{KSS||TS}PUBserv);

sending a message to the access point, the message including the encrypted shared secret, 
a user terminal certificate (col. 9, lines 8-12). 

While Kaliski, Jr. teaches generating an authenticator (col. 10, lines 30-50, i.e.
concatenating a time-varying value with the certificate and encrypting the result using the shared
secret), Kaliski, Jr. does not teach but Hind teaches the authenticator string demonstrating
possession of a user terminal private key and sending a message to the access point, the message
including the authenticator string (col. 12, lines 42-55).

It would have been obvious to one of ordinary skill in the art to modify the teachings of
Kaliski, Jr. to include an authenticator string demonstrating possession of the user terminal private
key as taught by Hind with a motivation that an imposter would not be able to impersonate the
user terminal of Kaliski, Jr. by replaying the certificate in transmission (Hind, col. 12, lines
55-62).

As per claims 4, 20 and 36, Kaliski, Jr. as modified teaches the method, the user 
terminal and the machine-readable medium of claims 1, 17 and 33, wherein generating the 
authenticator string comprises generating an authenticator message and signing the authenticator 
message with the user terminal private key (Hind, col. 12, lines 52-54).

As per claims 5, 21 and 37, Kaliski, Jr. as modified teaches the method, the user
terminal and the machine-readable medium of claims 4, 20 and 36 respectively, wherein signing
the authenticator message comprises:

generating a digest of the authenticator message; and encrypting the authenticator
message digest with the user terminal private key (Hind, col. 12, lines 54-55, Hind uses
SSL/TLS protocol in signing the authenticator string using the terminal private key). The
examiner asserts that generating a digest and encrypting the message digest with the private key
of signer (user terminal) is inherent in SSL/TLS protocol disclosed by Hind in that the SSL
protocol is designed to support a range of choices for specific security methods used for
cryptography, message digests, and digital signatures.

As per claims 6, 22 and 38, once modified, Kaliski, Jr. teaches the method, the user
terminal and the machine-readable medium of claims 4, 20 and 36 respectively, wherein the
authenticator message comprises a time parameter and at least part of the shared secret (col. 10,
lines 30-50, i.e. Kaliski, Jr.'s authenticator string (i.e. certificate concatenated with time-varying
value)).

8. Claims 2-3, 18-19 and 34 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Kaliski, Jr. and Hind as applied to claims 1, 17 and 33 above, and further in view of prior art of
record to Persson et al., US patent 6,754,824 (hereinafter "Persson").

As per claims 2, 18 and 34-35, Kaliski teaches the method, the user terminal and the
machine-readable medium of claims 1, 17 and 33 respectively, except wherein the user terminal
certificate is scrambled, using a pseudo-random sequence generator initialized with a part of the
shared secret, before being included in the message.

However, in an analogous art, Persson is directed to telecommunications systems and 
methods wherein the identity of the transmitting node is verified by modulating the CRC code 
utilizing a sequence known only to the participating parties. The modified CRC is generated by 
both the transmitting node and the receiving node initializing a LFSR register by a common key 
known only to the participating nodes (i.e. a pseudo-random sequence generated by a linear
feedback shift register initialized with a part of the shared secret) (Persson, col. 2, lines 5-23).

Therefore, it would have been obvious to one of ordinary skill at the time the invention 
was made to employ the teachings of Persson within the method and system of Kaliski for 
combining Kaliski's certificate with a pseudo-random sequence generated by a linear feedback 
shift register initialized with a part of the shared secret in order to verify both the authenticity of 
the received certificate and the identity of transmitting node and to deter an unauthorized party from
replacing the participating nodes if weak encryption or no encryption is switched on after
authentication (Persson, col. 1, lines 35-49).

As per claims 3, 19 and 35, Kaliski Jr. teaches the method, the user terminal and the
machine-readable medium of claims 2, 18 and 34 respectively, wherein the remainder of the shared secret
comprises a master secret to be used for symmetric key cryptography between the user terminal
and the access point (col. 4, lines 42-55, i.e. KSS is used for symmetric key cryptography, the
remainder of KSS||TS).

9. Claims 10-16, 26-32 and 42-48 are rejected under 35 U.S.C. 103(a) as being
unpatentable over US patent 6,189,098 to Kaliski, Jr. and further in view of Hind et al.
(hereinafter "Hind").

As per claims 10 and 42, Kaliski, Jr. teaches a method, a machine-readable medium 
performed by an access point of a wireless access network, comprising: 

receiving a message from a user terminal of the wireless access network (col. 4, line 56 
through col. 5 line 10), the message containing a shared secret encrypted with an access point 
public key, a user terminal certificate (col. 9, lines 8-18);

decrypting the shared secret using an access point private key (col. 9, lines 3-7); 

Kaliski does not teach but Hind teaches authenticating the user terminal by checking the 
authenticator string using a user terminal public key included in the user terminal certificate to 
verify possession of the user terminal private key by the user terminal (Hind, col. 7, line 57 
through col. 8, line 23, see also col. 6, lines 10-25). 

It would have been obvious to one of ordinary skill in the art to modify Kaliski's 
certificate with Hind's user terminal certificate containing identification of user terminal and a 
user terminal public key corresponding to a user terminal private key, wherein the user terminal 
certificate is used to authenticate the user terminal with a motivation to couple Kaliski's 
certificate with both users of the terminal and the terminal in order to solve the prior art problems 
associated with users' certificates in enterprise situations where each application (user) as well 
as each device may require different levels of security, requiring the ability to allow different
levels of security accesses (Hind, col. 7, lines 12-24).

As per claims 11 and 43, Kaliski Jr. teaches the method and the machine-readable
medium of claims 10 and 42 respectively, wherein the user terminal certificate is scrambled, and
the access point unscrambles the user terminal certificate using the shared secret (col. 4, lines
39-55, Fig. 3A and associated text).

As per claims 12 and 44, Kaliski Jr. as modified teaches the method and the machine- 
readable medium of claims 10 and 42 respectively, wherein checking the authenticator string 
comprises decrypting the authenticator string using the user public key (Hind, col. 7, line 57 
through col. 8, line 23, see also col. 6, lines 10-25, col. 12, lines 42-63). 

As per claims 13 and 45, Kaliski Jr. as modified teaches the method and
machine-readable medium of claims 12 and 45 respectively, wherein checking the authenticator string
further comprises generating an authenticator message, generating a digest of the authenticator
message, and comparing the authenticator message digest with the decrypted authenticator string
(Hind, col. 12, lines 54-55, Hind uses SSL/TLS protocol in signing the authenticator string using
the terminal private key). The examiner asserts that generating a digest and encrypting the
message digest with the private key of signer (user terminal) is inherent in SSL/TLS protocol
disclosed by Hind in that the SSL protocol is designed to support a range of choices for specific
security methods used for cryptography, message digests, and digital signatures.

As per claims 14 and 46, once modified, Kaliski Jr. teaches the method and the
machine-readable medium of claims 13 and 45 respectively, wherein the authenticator message
comprises at least part of the shared secret (col. 9, lines 8-19, see also col. 10, lines 30-50).

As per claims 15 and 47, Kaliski Jr. teaches the method and the machine-readable
medium of claims 10 and 42 respectively, wherein the user terminal certificate is signed by a
certificate authority trusted by the access point (col. 4, lines 4-25, see also col. 5, lines 5-10).

As per claims 16 and 48, Kaliski Jr. teaches the method and the machine-readable 
medium of claims 10 and 42, wherein the shared secret is to be used for symmetric key 
cryptography between the access point and the user terminal (col. 4, lines 39-55, the shared 
secret session key KSS is used for symmetric key encryption between the client and the server). 

As per claim 26, Kaliski Jr. teaches an access point comprising:

a receiver to receive a message from a user terminal, the message containing a shared 
secret encrypted by the user terminal with an access point public key, a user terminal certificate 
including a user terminal public key (col. 4, lines 56 through col. 5, line 10, Fig. 3b and 
associated text); 

a processor coupled to the receiver to decrypt the shared secret using an access point
private key (col. 4, lines 59-60);

While Kaliski Jr. teaches a processor coupled to the receiver to decrypt the shared secret
using an access point private key (col. 4, lines 59-60), Kaliski Jr. does not teach authenticating
the user terminal by verifying possession by the user terminal of the user terminal private key.

However, Hind teaches the user terminal certificate includes an identification of the user
terminal and a user terminal public key which corresponds to user terminal private key, wherein
the user terminal certificate is used to authenticate the user terminal by verifying possession by
the user terminal of the user terminal private key (Hind, col. 12, lines 42-63).

It would have been obvious to one of ordinary skill in the art to modify Kaliski's method and
system with the teachings of Hind to authenticate the user terminal by verifying possession by
the user terminal of the user terminal private key with a motivation to provide assurance that the
data has not been changed in transmission (Hind, col. 8, lines 12-23).

As per claim 27, Kaliski Jr. teaches the access point of claim 26, wherein the user 
terminal certificate is scrambled, and the processor is further to unscramble the user terminal 
certificate using the shared secret (col. 4, lines 39-55, Fig. 3A and associated text). 

As per claim 28, Kaliski Jr. as modified teaches the access point of claim 26, wherein the 
processor verifies possession of the user terminal private key by decrypting the authenticator 
string using the user terminal public key (Hind, col. 7, line 57 through col. 8, line 23, see also 
col. 6, lines 10-25, col. 12, lines 42-63).

As per claim 29, Kaliski Jr. as modified teaches the access point of claim 28, the
processor further verifies possession of the user terminal private key by generating an
authenticator message, generating a digest of the authenticator message, and comparing the
authenticator message digest with the decrypted authenticator string (Hind, col. 12, lines 54-55,
Hind uses SSL/TLS protocol in signing the authenticator string using the terminal private key).
The examiner asserts that generating a digest and encrypting the message digest with the private
key of signer (user terminal) is inherent in SSL/TLS protocol disclosed by Hind in that the SSL
protocol is designed to support a range of choices for specific security methods used for
cryptography, message digests, and digital signatures.

As per claim 30, once modified, Kaliski Jr. teaches the access point of claim 29,
wherein the authenticator message comprises at least part of the shared secret (col. 9, lines 8-19, 
see also col. 10, lines 30-50). 

As per claim 31, Kaliski Jr. teaches the access point of claim 26, wherein the user 
terminal certificate is signed by a certificate authority trusted by the access point (col. 4, lines 4- 
25, see also col. 5, lines 5-10). 

As per claim 32, Kaliski Jr. teaches the access point of claim 26, wherein the shared 
secret is to be used for symmetric key cryptography between the access point and the user 
terminal (col. 4, lines 39-55, the shared secret session key KSS is used for symmetric key 
encryption between the client and the server). 

Allowable Subject Matter 

10. Claims 9, 25 and 41 are objected to as being dependent upon a rejected base claim, but 
would be allowable if rewritten in independent form including all of the limitations of the base 
claim and any intervening claims. 

Action is Final 

11. THIS ACTION IS FINAL. Applicant is reminded of the extension of time policy as set
forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 
1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, 
will the statutory period for reply expire later than SIX MONTHS from the mailing date of this 
final action. 

Conclusion 

12. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Taghi T. Arani whose telephone number is (571) 272-3787. The 
examiner can normally be reached on 8:00-5:30 Mon-Fri. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

Taghi T. Arani, Ph.D.
Primary Examiner 
Art Unit 2131 
9/30/2006 



